10 security challenges for blockchain in financial services

As financial services set about reforming their business with blockchain technology, a report from an EU security agency has highlighted a number of security concerns around distributed ledger technology (DLT).

In its report – Distributed Ledger Technology & Cybersecurity – the European Union Agency for Network and Information Security (Enisa) states: “The speed and cost of doing business using distributed ledger technology is expected to improve by simplifying back-office operations and lowering the need for human intervention. However, a number of security concerns around this new technology remains.”

Authorised access

The paper identifies some of the challenges of using blockchain, including key generation and management, smart contract management and scalability. Key management, the process by which activity on an account is authorised, is a challenge with traditional technology as well as with blockchain; the aim is to prevent any unauthorised access. The report states: “Unlike with traditional systems, where before a server administrator was capable of tracking attempts to break into a customer or user account, the malicious users can keep trying limitlessly to decrypt or try to reproduce a private key out of encrypted data from a given ledger. With Blockchain, there is no way of knowing this is happening until after the hacker has succeeded.”

Cryptography

Cryptography is another of the main challenges for financial institutions considering the implementation of blockchain-based processes. The report says that the main challenge associated with cryptography is that “stringent policies and procedures must be followed when managing keys, including people, processes and technology”.

51% attack

The report goes on to discuss code review and privacy, as well as some of the more specific challenges related to blockchain, including 'consensus hijack', in which a hacker is able to take control of a majority of other users in order to manipulate the network or validation process – known as a “51% attack”.

The other challenges discussed in Enisa's report are:

consensus hijack

sidechains

exploiting permissioned blockchains

distributed denial of service

wallet management

scalability

smart contract management

interoperability

governance controls

anti-fraud and anti-money laundering tools

Enisa works with the EU, its member states, the private sector and European citizens to develop advice and recommendations on good practice in information security.